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1 This action is in response to the communication filed on 4/13/2004. 

2 DETAILED ACTION 

3 Claims 1-17 have been examined. 

4 Title 

5 The title of the invention is not descriptive. A new title is required that is clearly 

6 indicative of the invention to which the claims are directed. 
7 

8 Information Disclosure Statement 

9 The information disclosure statement(s) (IDS) submitted on 1 1/9/2004 and 1/13/2005 are 

1 0 in compliance with the provisions of 37 CFR 1 .97. Accordingly, the examiner is considering the 

1 1 information disclosure statements. 

12 Drawings 

13 The drawings filed on 4/13/2004 are acceptable for examination proceedings. 

1 4 Claim Rejections - 35 USC §101 

15 35 U.S.C. 101 reads as follows: 

1 6 Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 

1 7 any new and useM improvement thereof, may obtain a patent therefor, subject to the conditions and 

1 8 requirements of this title. 

19 

20 Claims 13 and 16 are rejected under 35 U.S.C. 101 because the claimed invention is 

21 directed to non-statutory subject matter. Claims 13 and 16 are directed towards "programs" 

22 which are not tangibly embodied. Computer programs claimed as computer listings per se, i.e., the 

23 descriptions or expressions of the programs, are not physical "things." They are neither computer 

24 components nor statutory processes, as they are not "acts" being performed. Such claimed computer 

25 programs do not define any stmctural and flinctional interrelationships between the computer program 
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1 and other claimed elements of a computer which permit the computer program's fimctionality to be 

2 realized. In contrast, a claimed computer-readable medium encoded with a computer program is a 

3 computer element which defines structural and functional interrelationships between the computer 

4 program and the rest of the computer which permit the computer program's functionality to be realized, 

5 and is thus statutory. See Lowry, 32 F.3d at 1583-84, 32 USPQ2d at 1035. Accordingly, it is important to 

6 distinguish claims that define descriptive material per se from claims that define statutory inventions. 

7 Claim Rejections - 35 USC § 102 

8 The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 

9 basis for the rejections under this section made in this Office action: 
10 A person shall be entitled to a patent unless 

1 1 

12 (b) the invention was patented or described in a printed publication in this or a foreign 

13 country or in public use or on sale in this country, more than one year prior to the date of 

14 application for patent in the United States. 
15 

16 

17 Claims 1-3, 6-9, and 12-17 are rejected under 35 U.S.C. 102(b) as being anticipated by 

1 8 WO 0 1 /8476 1 A for the reasons provided in the Intemational Search Report for 

19 PCT/JP2004/005083. 

20 Claims 6 and 10 are rejected under 35 U.S.C. 102(b) as being anticipated by WO 

2 1 02/095553 A for the reasons provided in the Intemational Search Report for 

22 PCT/JP2004/005083. 

23 Claim 1 1 is rejected under 35 U.S.C. 102(b) as being anticipated by WO 01/27723 A for 

24 the reasons provided in the Intemational Search Report for PCT/JP2004/005 083 . 
25 

26 
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1 

2 Claims 1, 2, 6, and 12-17 are rejected under 35 U.S.C. 102(b) as being anticipated by 

3 Caputo et al. (US Patent Number 5,778,071) hereinafter referred to as Caputo. 

4 Regarding claims 1, 2, 6, and 12-17, Caputo disclosed an apparatus authentication system 

5 which comprises a server apparatus and a client apparatus which perform a mutual authentication 

6 when a content is transmitted from the server apparatus to the cUent apparatus for use therein 

7 (See Caputo Fig. 3), wherein the client apparatus includes: a receiving unit operable to receive 

8 challenge data from the server apparatus (See Caputo Col. 17 Lines 3 1-36); a signature 

9 generating unit operable to generate signature data based on the received challenge data and a 

10 first password (See Caputo Col. 17 Lines 37-46); and a fransmitting unit operable to transmit the 

1 1 generated signature data (See Caputo Col. 17 Lines 47-48), and the server apparatus includes: a 

12 challenge data fransmitting unit operable to generate and fransmit the challenge data (See Caputo 

13 Col. 13 Lines 25-42); a holding unit operable to hold a second password in advance (Sec Caputo 

14 Col. 13 Lines 50-55); a receiving mit operable to receive the signature data from the client 

15 apparatus (See Caputo Col. 13 Lines 49-50); an authentication unit operable to perform an 

1 6 authentication of the received signature data based on the challenge data and the second 

17 password (See Caputo Col. 13 Lines 55-59); and a content transmitting unit operable to, if the 

1 8 authentication results in success, transmit an encrypted content to the client apparatus, the 

1 9 encrypted content having been encrypted in such a manner that the encrypted content can be 

20 decrypted by the client apparatus (See Caputo Col. 16 Lines 28-36). 
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2 Claim Rejections - 35 USC § 103 

3 The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 

4 obviousness rejections set forth in this Office action: 

5 A patent may not be obtained though the invention is not identically disclosed or described as set 

6 forth in section 102 of this title, if the differences between the subject matter sought to be 

1 patented and the prior art are such that the subject matter as a whole would have been obvious 

8 at the time the invention was made to a person having ordinary skill in the art to which said 

9 subject matter pertains. Patentability shall not be negatived by the manner in which the 



10 invention was made. 
11 

12 Claims 3 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Caputo as 

13 applied to claims 2 and 6 above. 

1 4 Although Caputo did not specifically disclose that the passwords were registered by 



1 5 inputting them at the client, transmitting them to the server, and storing them at the server, it was 

16 well known in the art at the time of invention to register passwords with a server in this manner. 

17 As such, it would have been obvious to the ordinary person skilled in the art to have registered 

1 8 the passwords into the server in this manner. This would have been obvious because the 

1 9 ordinary person skilled in the art at the time of invention would have been motivated to allow a 

20 user of the system the flexibility to register a password without requiring them to do so at the 

21 location of the server. 

22 Claims 4-5, and 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over Caputo 

23 as applied to claims 2 and 6 above, and further in view of Goertzel et al. (US Patent Number 

24 6,308,273). 
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1 While Caputo disclosed the claimed challenge-response system and method, Caputo 

2 failed to specifically disclose determining which of two varying length passwords to use based 

3 upon the distance between the client and the server. 

4 Goertzel teaches that by gathering location information about the client, the 

5 authentication itself may be made dependent on the location of the user by increasing the 

6 security of the authentication when the client is remote from the server and allowing less secure 

7 authentication when the client is local to the server (See Goertzel Col. 17 Lines 27-45). 

8 Furthermore, it was well known in the art at the time of invention, that longer passwords provide 

9 more secure authentication than shorter passwords, while shorter passwords are more user 

1 0 friendly and easier to remember. 

11 It would have been obvious to the ordinary person skilled in the art at the time of 

12 invention to have employed the teachings of Goertzel in the password system of Caputo by 

13 gathering location information about the client, and using shorter passwords when the client is 

14 local to the server while using longer passwords when the client is remote from the server. This 

1 5 would have been obvious because the ordinary person skilled in the art at the time of invention 

1 6 would have been motivated to provide greater security to remote authentication while providing 

17 convenience to the local users. 

18 Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Caputo as applied 

19 to claims 2 and 6 above, and further in view of Hess et al. (US Patent Application Publication 

20 2003/00 1 8893) hereinafter referred to as Hess. 
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1 While Caputo disclosed the claimed challenge-response method being performed to 

2 authenticate the client to the server, Caputo failed to disclose the challenge-response being 

3 performed in the opposite direction in order to authenticate the server to the client. 

4 Hess teaches that in order to provide mutual authentication, the challenge response 

5 method is carried out twice, once in each direction (See Hess Entire Document, especially 

6 Paragraph 0006). 

7 It would have been obvious to the ordinary person skilled in the art at the time of 



8 invention to have employed the teachings of Hess in the authentication system by carrying out 

9 the challenge-response in both directions. This would have been obvious because the ordinary 

1 0 person skilled in the art at the time of invention would have been motivated to protect the user 

1 1 device from illicit server devices. 



12 Claims 10-11 are rejected under 35 U.S. C. 103(a) as being unpatentable over Caputo as 

13 applied to claims 2 and 6 above, and fiirther in view of BoUe et al. (US Paten Number 6,819,219) 

14 hereinafter referred to as BoUe. 

15 Caputo disclosed the challenge response system as claimed, but failed to specifically 

1 6 disclose that the registered password was input from outside the server device, or that the 

17 registered password (authentication data) was biometric data, which is compared to user gathered 

1 8 biometric data, and if within a threshold of each other the response to the challenge is generated. 

1 9 BoUe teaches that in order to prevent the use of a stolen PIN number by an impersonator, 

20 biometrics can be used, wherein upon receiving an authentication challenge, the challenged 

2 1 device measures the user's biometric, compares it to a stored authenticated biometric, and if they 
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1 match, the reply to the challenge is sent to the querying system and the querying system can 

2 verify the biometric as well (See BoUe Col. 1 Lines 14-31 and Col. 6 Lines 15-32). 

3 It would have been obvious to the ordinary person skilled in the art at the time of 

4 invention to have employed the teachings of Bo He in the challenge-response system of Caputo 

5 by verifying a biometric of the user prior to transmitting the response to the challenge and having 

6 the querying system verify the biometric. This would have been obvious because the ordinary 

7 person skilled in the art would have been motivated to prevent the use of a stolen PIN number by 

8 an impersonator. 



9 Conclusion 

1 0 Claims 1-17 have been rejected. 

1 1 The prior art made of record and not relied upon is considered pertinent to applicant's 

12 disclosure. 

13 Any inquiry concerning this communication or earlier communications from the 

14 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

15 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

16 If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 

17 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

1 8 organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 



2 Application Information Retrieval (PAIR) system. Status information for published applications 

3 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

4 applications is available through Private PAIR only. For more information about the PAIR 

5 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

6 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

7 like assistance from a USPTO Customer Service Representative or access to the automated 

8 information system, call 800-786-9 1 99 (IN USA OR CANADA) or 57 1 -272- 1 000. 
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